Enable anonymous auth for Grafana iframe embeds

Public dashboards don't support template variables or PostgreSQL datasources, so anonymous auth is required for Homepage embeds. Security relies on Tailscale ACLs - see zk grafana card. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 14:11:29 -08:00 · 2026-01-30 14:11:29 -08:00 · 0c09177d08
commit 0c09177d08
parent bee85d70ed
1 changed files with 5 additions and 3 deletions
--- a/argocd/manifests/grafana/values.yaml
+++ b/argocd/manifests/grafana/values.yaml
@ -30,10 +30,12 @@ grafana.ini:
    allow_embedding: true
    # Required for iframe session cookies
    cookie_samesite: lax
-  # Public dashboards - selectively share specific dashboards without auth
-  # Enable per-dashboard via Share > Public Dashboard in Grafana UI
-  public_dashboards:
+  auth.anonymous:
+    # WARNING: All dashboards readable without login
+    # Security relies on Tailscale ACLs - only tailnet members can reach Grafana
+    # Required for iframe embeds with template variables and non-Prometheus datasources
    enabled: true
+    org_role: Viewer
  analytics:
    check_for_updates: false
    reporting_enabled: false